Security setting to prevent passive ftp?

Jon August jon at internection.com
Sun Jul 24 13:38:35 UTC 2005


Hmm - looks like that module fails to load.  Is there a log that  
would explain why this failed?  Thanks for the help!

$ sudo /etc/rc.d/init.d/iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules:                          [  OK  ]
Loading additional iptables modules: iptables_conntrack_ftp[FAILED]

-Jon





On Jul 24, 2005, at 6:36 AM, Matthew Saltzman wrote:


> On Sat, 23 Jul 2005, Jonathan August wrote:
>
>
>
>>
>> The modprobe ip_conntrack_ftp doesn't return anything and it seems  
>> to still have an issue...  Do I need to reboot or something?
>>
>>
>
> You can tell if the modprobe had the desired effect by issuing lsmod.
>
>
>
>>
>> Also, what do I add to /etc/sysconfig/iptables-config?  There just  
>> seems to be a few things in there with YES or NO settings...
>>
>>
>
> IPTABLES_MODULES="iptables_conntrack_ftp"
>
> No need to reboot, but you could "/sbin/service iptables restart".  
> Shouldn't be necessary after the modprobe, but the iptables-config  
> entry only takes effect after restarting iptables.
>
> Are you sure all appropriate ports (20 and 21) are open (on the  
> server and through the firewall)?  Is ncftpd configured correctly  
> for passive access?
> (I don't know anything about configuring ncftpd.  Just trying to  
> think of things to check.)
>
>
>
>>
>> ??
>>
>> Thanks,
>> -Jon
>>
>>
>>
>> On Jul 23, 2005, at 10:12 AM, Matthew Saltzman wrote:
>>
>>
>>
>>> On Sat, 23 Jul 2005, Alexander Dalloz wrote:
>>>
>>>
>>>> On Sat, 23.07.2005, Jonathan August wrote at 15:38:
>>>>
>>>>
>>>>> For my users that use passive ftp, when they connect to ncftpd on my
>>>>> server, the connection takes a long time and eventually for them as
>>>>> dialup users, it times out.  If I try to ftp to the machine behind my
>>>>> firewall and specify to use passive, as soon as I try anything that
>>>>> sends data (ls, put, get), the connection gets dropped.  I turned off
>>>>> SELinux, but this didn't help.  Any ideas?
>>>>>     -Jon
>>>>>
>>>>>
>>>> modprobe ip_conntrack_ftp
>>>>
>>>>
>>> And to make it permanent, add to /etc/sysconfig/iptables-config.
>>>
>>>
>>>> Alexander
>>>>
>>>>
>>> -- 
>>>         Matthew Saltzman
>>> Clemson University Math Sciences
>>> mjs AT clemson DOT edu
>>> http://www.math.clemson.edu/~mjs
>>> -- 
>>> fedora-list mailing list
>>> fedora-list at redhat.com
>>> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>>>
>>>
>>
>>
>>
>>
>>
>
> -- 
>         Matthew Saltzman
>
> Clemson University Math Sciences
> mjs AT clemson DOT edu
> http://www.math.clemson.edu/~mjs
>
>
>
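
Added example (not part of the thread or of Fedora's init script): the modprobe in the thread used the name ip_conntrack_ftp, while the IPTABLES_MODULES line used iptables_conntrack_ftp. This script checks each name in IPTABLES_MODULES against the module files under a directory. The function names are hypothetical, and the sample tree and config are constructed so the script runs offline.

```shell
#!/bin/sh
# Added example: report which names listed in IPTABLES_MODULES have a
# matching kernel module file. Function names here are hypothetical.

# modules_in_config FILE -> prints the value of the last IPTABLES_MODULES= line
modules_in_config() {
    sed -n 's/^[[:space:]]*IPTABLES_MODULES=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# module_exists NAME MODDIR -> 0 if NAME.ko (or a compressed form) is under MODDIR
module_exists() {
    # Module file names may use '-' where the module name uses '_'.
    alt=$(printf '%s' "$1" | tr '_' '-')
    found=$(find "$2" -type f \( -name "$1.ko*" -o -name "$alt.ko*" \) 2>/dev/null | head -n 1)
    [ -n "$found" ]
}

# check_iptables_modules FILE MODDIR -> one "ok NAME" or "missing NAME" line
# per configured module; returns 1 if any name has no module file.
check_iptables_modules() {
    rc=0
    for m in $(modules_in_config "$1"); do
        if module_exists "$m" "$2"; then
            echo "ok $m"
        else
            echo "missing $m"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample (not from a real system): a module tree holding
# ip_conntrack_ftp.ko and a config using the name given in the thread.
make_sample() {
    mkdir -p "$1/modules/kernel/net/ipv4/netfilter"
    : > "$1/modules/kernel/net/ipv4/netfilter/ip_conntrack_ftp.ko"
    echo 'IPTABLES_MODULES="iptables_conntrack_ftp"' > "$1/iptables-config"
}

tmp=$(mktemp -d)
make_sample "$tmp"
check_iptables_modules "$tmp/iptables-config" "$tmp/modules" || true
rm -rf "$tmp"
```

On a live system the same check would be `check_iptables_modules /etc/sysconfig/iptables-config "/lib/modules/$(uname -r)"`.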




